
Cisco Connect Montreal 2018: Enterprise Networks - Say Goodbye to VLANs

Network Infrastructure: Say Goodbye to VLANs - Removing the complexity of your networks with Cisco SD-Access

Published in: Technology

  1. Cisco Connect Montréal 2018. Global vision. Local knowledge.
  2. © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential. Network Infrastructure - Say goodbye to VLANs: Removing the complexity of your networks with Cisco SD-Access
  3. Cisco Connect Montreal 2018. Global vision. Local knowledge.
  4. Enterprise Networks – Say goodbye to VLANs: Removing the complexity of your networks with Cisco SD-Access
  5. Agenda
     1. Key Benefits: Why do I care?
     2. Key Concepts: What is SD-Access?
     3. What’s new? SDA Roadmap
     4. Demonstration: Time for some action!
     5. Take-away: Things to Remember
  6. Key Benefits: Why do I care?
  7. THE NETWORK. INTUITIVE. Powered by intent, informed by context. (Intent, Context, Security, Learning)
  8. Tell your network What you Want and let it figure out How to do That
  9. Context: Correlate Information from Multiple Sensors to provide Deeper Insights and Suggest Actions
  10. Cisco DNA & SD-Access: Networking at the Speed of Software!
     • Automated Network Fabric: Single Fabric for Wired & Wireless with simple Automation
     • Insights & Telemetry: Analytics and Insights into User and Application behavior
     • Identity-Based Policy & Segmentation: Decouples Security & QoS from VLAN and IP Address
     • Diagram labels: IoT Network, Employee Network, User Mobility (Policy stays with User), Outside, SDA Extension, DNA Center (Analytics, Automation, Policy)
  11. Key Concepts: What is SD-Access?
     1. High-Level View
     2. Roles & Platforms
     3. Fabric Constructs
  13. What is SD-Access? Campus Fabric + DNA Center (Automation & Assurance)
     • Campus Fabric: CLI or API approach to build a LISP + VXLAN + CTS Fabric overlay for your enterprise Campus networks. CLI provides backwards compatibility but management is box-by-box. API provides device automation via NETCONF/YANG. Separated management systems.
     • SD-Access: GUI approach provides automation & assurance of all Fabric configuration, management and group-based policy. DNA Center integrates multiple systems, to orchestrate your LAN, Wireless LAN and WAN access.
     • Diagram labels: APIC-EM 1.X, Campus Fabric, ISE, PI, NCP, ISE, NDP, DNA Center
  14. Assure
  16. Assure
  18. SD-Access: What exactly is a Fabric? A Fabric is an Overlay.
     • An Overlay network is a logical topology used to virtually connect devices, built on top of a simple physical Underlay network.
     • An Overlay network often uses alternate forwarding attributes to provide additional services, not provided by the Underlay.
     • Examples of Network Overlays: GRE / mGRE, MPLS / VPLS, IPSec / DMVPN, CAPWAP, LISP, OTV, DFA, ACI
  19. SD-Access Fabric Terminology. Diagram labels: Overlay Control Plane, Underlay Control Plane, Underlay Network, Overlay Network, Hosts (End-Points), Edge Device, Encapsulation
  20. SD-Access Underlay Network: Manual vs. Automated Underlay
     • Manual Underlay: You can reuse your existing IP network as the Fabric Underlay!
       • Key Requirements: IP reach from Edge to Edge/Border/CP. Can be L2 or L3 (we recommend L3). Can be any IGP (we recommend ISIS).
       • Key Considerations: MTU (Fabric Header adds 50B). Latency (max RTT ≤ 100 ms).
     • Automated Underlay: Prescriptive fully automated Global and IP Underlay Provisioning!
       • Key Requirements: Leverages standard PNP for Bootstrap. Assumes New / Erased Configuration. Uses a Global “Underlay” Address Pool.
       • Key Considerations: PNP pre-setup is required. 100% Prescriptive (No Custom).
  21. SD-Access Campus Fabric - Key Components
     1. Control-Plane based on LISP
     2. Data-Plane based on VXLAN
     3. Policy-Plane based on CTS
     Key Differences:
     • L2 + L3 Overlay -vs- L2 or L3 Only
     • Host Mobility with Anycast Gateway
     • Adds VRF + SGT into Data-Plane
     • Virtual Tunnel Endpoints (Automatic)
     • NO Topology Limitations (Basic IP)
  22. SD-Access Fabric Campus Fabric - Key Components - LISP (1. Control-Plane based on LISP)
     • BEFORE: IP Address = Location + Identity. Every device holds Topology + Endpoint Routes (Prefix / Next-hop tables). Routing Protocols = Big Tables & More CPU with Local L3 Gateway.
     • AFTER: Separate Identity from Location. Endpoint Routes are Consolidated to LISP DB (Mapping Database, Prefix / RLOC); devices hold Topology Routes and Only Local Routes. LISP DB + Cache = Small Tables & Less CPU with Anycast L3 Gateway. Host Mobility.
  23. SD-Access Fabric Key Components – VXLAN (1. Control-Plane based on LISP, 2. Data-Plane based on VXLAN)
     • Original packet: ETHERNET | IP | PAYLOAD
     • Packet in LISP: ETHERNET | IP | UDP | LISP | IP | PAYLOAD. Supports L3 Overlay Only.
     • Packet in VXLAN: ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD. Supports L2 & L3 Overlay.
  24. SD-Access Fabric Key Components – CTS (1. Control-Plane based on LISP, 2. Data-Plane based on VXLAN, 3. Policy-Plane based on CTS)
     • Encapsulated packet: ETHERNET | IP | UDP | VXLAN | ETHERNET | IP | PAYLOAD
     • VRF + SGT: Virtual Routing & Forwarding, Scalable Group Tagging
  25. Key Concepts: What is SD-Access?
     1. High-Level View
     2. Roles & Platforms
     3. Fabric Constructs
  26. SD-Access Fabric Roles & Terminology
     • DNA Center – provides simple GUI management and intent based automation (e.g. NCP) and context sharing
     • Identity Services – NAC & ID Systems (e.g. ISE) for dynamic Endpoint to Group mapping and Policy definition
     • Analytics Engine – Data Collectors (e.g. NDP) analyze Endpoint to App flows and monitor fabric status
     • Control-Plane Nodes – Map System that manages Endpoint to Device relationships
     • Fabric Border Nodes – A Fabric device (e.g. Core) that connects External L3 network(s) to the SDA Fabric
     • Fabric Edge Nodes – A Fabric device (e.g. Access or Distribution) that connects Wired Endpoints to the SDA Fabric
     • Fabric Wireless Controller – A Fabric device (WLC) that connects APs and Wireless Endpoints to the SDA Fabric
     • Also shown in the diagram: Intermediate Nodes (Underlay), Campus Fabric
  27. SD-Access Fabric Control-Plane Nodes – A Closer Look. Control-Plane Node runs a Host Tracking Database to map location information.
     • A simple Host Database that maps Endpoint IDs to a current Location, along with other attributes
     • Host Database supports multiple types of Endpoint ID lookup types (IPv4, IPv6 or MAC)
     • Receives Endpoint ID map registrations from Edge and/or Border Nodes for “known” IP prefixes
     • Resolves lookup requests from Edge and/or Border Nodes, to locate destination Endpoint IDs
  28. SD-Access Fabric Edge Nodes – A Closer Look. Edge Node provides first-hop services for Users / Devices connected to a Fabric.
     • Responsible for Identifying and Authenticating Endpoints (e.g. Static, 802.1X, Active Directory)
     • Registers specific Endpoint ID info (e.g. /32 or /128) with the Control-Plane Node(s)
     • Provides an Anycast L3 Gateway for the connected Endpoints (same IP address on all Edge nodes)
     • Performs encapsulation / de-encapsulation of data traffic to and from all connected Endpoints
  29. SD-Access Fabric Border Nodes – A Closer Look. Border Node is an Entry & Exit point for data traffic going Into & Out of a Fabric. There are 2 Types of Border Node!
     • Internal Border: Used for “Known” Routes inside your company
     • External Border (or Default): Used for “Unknown” Routes outside your company
  30. SD-Access Fabric Fabric Enabled Wireless – A Closer Look. Fabric Enabled WLC is integrated into Fabric for SDA Wireless clients.
     • Connects to Fabric via Border (Underlay)
     • Fabric Enabled APs connect to the WLC (CAPWAP) using a dedicated Host Pool (Overlay)
     • Fabric Enabled APs connect to the Edge via VXLAN
     • Wireless Clients (SSIDs) use regular Host Pools for data traffic and policy (same as Wired)
     • Fabric Enabled WLC registers Clients with the Control-Plane (as located on local Edge + AP)
     • Diagram labels: Ctrl: CAPWAP, Data: VXLAN
  31. Key Concepts: What is SD-Access?
     1. High-Level View
     2. Roles & Platforms
     3. Fabric Constructs
  32. SD-Access Fabric Virtual Network – A Closer Look. Virtual Network maintains a separate Routing & Switching table for each instance.
     • Control-Plane uses Instance ID to maintain separate VRF topologies (“Default” VRF is Instance ID “4098”)
     • Nodes add a VNID to the Fabric encapsulation
     • Endpoint ID prefixes (Host Pools) are routed and advertised within a Virtual Network
     • Uses standard “vrf definition” configuration, along with RD & RT for remote advertisement (Border Node)
     • Diagram labels: VN Campus, VN IOT, VN Guest
  33. SD-Access Fabric Scalable Groups – A Closer Look. Scalable Group is a logical policy object to “group” Users and/or Devices.
     • Nodes use “Scalable Groups” to ID and assign a unique Scalable Group Tag (SGT) to Endpoints
     • Nodes add a SGT to the Fabric encapsulation
     • SGTs are used to manage address-independent “Group-Based Policies”
     • Edge or Border Nodes use SGT to enforce local Scalable Group ACLs (SGACLs)
     • Diagram labels: SGT 17, SGT 3, SGT 23, SGT 4, SGT 8, SGT 12, SGT 11, SGT 19, SGT 25
  34. SD-Access Fabric Host Pools – A Closer Look. Host Pool provides basic IP functions necessary for attached Endpoints.
     • Edge Nodes use a Switch Virtual Interface (SVI), with IP Address / Mask, etc. per Host Pool
     • Fabric uses Dynamic EID mapping to advertise each Host Pool (per Instance ID)
     • Fabric Dynamic EID allows Host-specific (/32, /128 or MAC) advertisement and mobility
     • Host Pools can be assigned Dynamically (via Host Authentication) and/or Statically (per port)
     • Diagram labels: Pool .17, Pool .13, Pool .23, Pool .4, Pool .8, Pool .12, Pool .11, Pool .19, Pool .25
  35. SD-Access Fabric Anycast Gateway – A Closer Look. Anycast GW provides a single L3 Default Gateway for IP capable endpoints.
     • Similar principle and behavior as HSRP / VRRP with a shared “Virtual” IP and MAC address
     • The same Switch Virtual Interface (SVI) is present on EVERY Edge, with the same Virtual IP and MAC
     • Control-Plane with Fabric Dynamic EID mapping maintains the Host to Edge relationship
     • When a Host moves from Edge 1 to Edge 2, it does not need to change its Default Gateway
  36. SD-Access Fabric Layer 3 Overlay – A Closer Look. Stretched Subnets allow an IP subnet to be “stretched” via the Overlay.
     • Host IP based traffic arrives on the local Fabric Edge SVI, and is then transferred by Fabric
     • Fabric Dynamic EID mapping allows Host-specific (/32, /128, MAC) advertisement and mobility
     • Host 1 connected to Edge A can now use the same IP subnet to communicate with Host 2 on Edge B
     • No longer need a VLAN to connect Host 1 and 2
  37. SD-Access Fabric Layer 2 Overlay – A Closer Look. Layer 2 Overlay allows Non-IP endpoints to use Broadcast & L2 Multicast.
     • Similar principle and behavior as Virtual Private LAN Services (VPLS) P2MP Overlay
     • Uses a pre-built Multicast Underlay to set up a P2MP tunnel between all Fabric Nodes
     • L2 Broadcast and Multicast traffic will be distributed to all connected Fabric Nodes
     • Can be enabled for specific Host Pools that require L2 services (use Stretched Subnets for L3)
     • NOTE: L3 Integrated Routing and Bridging (IRB) is not supported at this time.
  38. What’s new? SDA Roadmap
  39. SD-Access Roadmap. SDA 1.1 December’17; SDA 1.2 May’18 • Identity-based Policy & Segmentation • Automated Network Fabric • Fabric-Enabled Wireless. DNA Center 1.1/1.1.1, ISE 2.3, IOS-XE 16.6, AireOS 8.5; DNA Center 1.2, ISE 2.4, IOS-XE 16.8, AireOS 8.7 • Wireless Assurance (DNAC 1.1.1) • Network Health Monitoring • SD-Access for Distributed Campus (Beta) • SD-Access Extension for IoT (Beta) • IBNS 2.0 • Usability Enhancements • Fabric Enabled Wireless Enhancements. SDA 1.2.5/6 October’18: DNA Center 1.2, ISE 2.4, IOS-XE 16.9, AireOS 8.8 • SD-Access for Distributed Campus (FCS) • Layer 2 Flooding • Layer 2 Hand off for Migration purposes • Native Multicast • Fabric in a Box • LAN Automation & Host On-boarding Enhancements • Fabric Control Plane Resiliency (six control plane nodes) • DNAC CLI Templates
  40. SD-Access for Distributed Campus: Connecting Multiple Fabric Sites
  41. Fabric Sites & Domains: Connecting Multiple Fabrics
     • First, you build a single Fabric Site
     • Later, you build another Fabric Site
     • How do you connect them together?
     • Diagram labels: Fabric Site 1, Fabric Site 2, Metro Area, VRF-LITE, MPLS, SD-Access* (*New in SDA 1.2)
  42. Inter-Connecting Fabric Sites: Multiple Fabric Domains with VRF-LITE Transit (SDA 1.0 - 1.1). Per plane, listed as Fabric Site 1 / transit / Fabric Site 2:
     • Control-Plane: LISP / MP-BGP / LISP
     • Data-Plane: VXLAN / VRF-LITE / VXLAN
     • Policy-Plane: SGT / SXP + ISE / SGT
  43. Introducing Distributed Campus: Enhanced Resiliency and Scale for Large Deployments
     ✓ Automated Inter-Site Connectivity
     ✓ Consistent Enterprise-Wide Policy
     ✓ Enhanced Resiliency & Local Isolation
     ✓ Direct Internet Access per Site
     • Individual Fabric Sites contain local Border and Control Plane nodes
     • Local Border nodes can hand-off to an IP-based WAN or an SD-Access Transit
     • Transit has a unique Control Plane node, to connect local and remote Sites
     • Transit does not have Fabric Edge nodes
     • Diagram labels: Fabric Site 1, Fabric Site 2, Fabric Site 3, Transit
  44. SDA Inter-Connecting Fabric Sites: Multiple Fabric Domains with Native SDA Transit (New in SDA 1.2). Per plane, listed as Fabric Site 1 / transit / Fabric Site 2:
     • Control Plane: LISP / LISP / LISP
     • Data + Policy Plane: VXLAN-GPO / VXLAN-GPO / VXLAN-GPO
     • Diagram labels: DNA Center
  45. SD-Access Extension: Key Benefits for IoT and Business (New in SDA 1.2)
     • SD-Access Capabilities: Easy automated Device install and setup. Stretched subnets for ease of endpoint connections. Workflow based policy automation. Segment Applications with separate Virtual Networks.
     • DNA Center Solution Benefits: Single pane of glass for management. Inventory, Topology, Image management. Automate Day 1 Installation. Network Assurance – Device 360.
     • Diagram labels: DNA Center, Surveillance Camera Virtual Network, Outdoor Wireless Virtual Network, Fabric Extended Nodes
  46. SD-Access Extended Node: Point-to-Point Connections (New in SDA 1.2; C9K Edge Only)
     • Extended node connects to a single Edge node using an 802.1Q Trunk port (single or multiple VLANs) using static assignment
     • Switchports on the Extended node can then be statically assigned to an appropriate IP Pool (in DNA Center)
     • SGT tagging (or mapping) is accomplished by Pool to Group mapping (in DNA Center) on the connected Edge node
     • Traffic policy enforcement based on SGTs (SGACLs) is performed at the Edge node
     • Diagram labels: Fabric Site, Fabric Edge, AP, VXLAN, Extended Node
  47. Layer 2 Flooding in SD-Access
     • Allows Layer 2 flooding within an IP Subnet / VLAN
     • Silent Host Support
     • Broadcast, Link-Local Multicast and ARP flooding support
     • Diagram labels: Edge Node 1, Edge Node 2, Edge Node 3, Layer 2 Border, Broadcast or Link-Local Multicast traffic
  48. Layer 2 Hand off for Migration in SD-Access
     • Hosts attached to SDA Fabric Edge nodes in Address Pool (1024)
     • Hosts attached to traditional Access switches in VLAN (10)
     • Host 1, Host 2 and Host 3 all have IP: 10.1.1.0/24
     • Single or port-channel* Trunk Port (* Dual-Homing requires L2 MEC to prevent L2 loops)
     • Diagram labels: SDA Fabric, Layer 2 Border, DATA-PLANE: VLAN, VXLAN
  49. Native Multicast in SD-Access (* DNAC 1.2.6)
     • Significantly reduces replication load at the Head-End
     • Significantly improves overall scale and reduces latency
     • Diagram labels: PIM-SSM, Multicast Source, non Fabric, Underlay, Overlay, Fabric RP, FB, FE1, FE2, Client 1, Client 2
  50. Fabric in a Box in SD-Access
     • FE+FB+CP on C9K
     • Reduces the cost to deploy SDA for “mini” sites
  52. Take Away: Things to Remember
  53. Summary
     1. Control-Plane based on LISP
     2. Data-Plane based on VXLAN
     3. Policy-Plane based on CTS
     Key Differences:
     • L2 + L3 Overlay -vs- L2 or L3 Only
     • Host Mobility with Anycast Gateway
     • Adds VRF + SGT into Data-Plane
     • Virtual Tunnel Endpoints (Automatic)
     • NO Topology Limitations (Basic IP)
  54. Summary: SD-Access = Campus Fabric + DNA Center. DNA Center Simple Workflows: DESIGN, PROVISION, POLICY, ASSURANCE
  55. SD-Access Support: Fabric ready platforms for your digital ready network. Several platforms are marked NEW on the slide.
     • Switching: Catalyst 9300, Catalyst 9400, Catalyst 9500, Catalyst 3650 and 3850, Catalyst 4500E, Catalyst 6800, Nexus 7700
     • Routing: ASR-1000-X, ASR-1000-HX, ISR 4430, ISR 4450, ISRv/CSRv
     • Wireless: AIR-CT3504, AIR-CT5520, AIR-CT8540, Wave 2 APs (1800, 2800, 3800), Wave 1 APs* (1700, 2700, 3700) (* with Caveats)
     • Extended: Cisco Digital Building, Catalyst 3560-CX, IE Series (4K/5K)
  56. SD-Access Resources: Would you like to know more?
     • cisco.com/go/cvd: SD-Access Design Guide - Dec 2017, SD-Access Deploy Guide - Jan 2018
     • cisco.com/go/dnacenter: DNA Center At-A-Glance, DNA Center 'How To' Video Resources, DNA Center Data Sheet
     • cisco.com/go/sdaccess: SD-Access At-A-Glance, SD-Access Design Guide, SD-Access FAQs, SD-Access Migration Guide, SD-Access Solution Data Sheet, SD-Access Solution White Paper
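
Slides 20, 32 and 33 say that the fabric header adds 50 bytes and that nodes add a VNID and an SGT to the encapsulation, which Edge or Border Nodes then use to enforce SGACLs. The sketch below is an added example, not code from the deck or from Cisco: it assumes the 8-byte header layout of the VXLAN Group Policy Option draft (G and I flag bits, 16-bit group ID, 24-bit VNID), and the function names, the sample policy table and the default-deny choice are assumptions of the example.

```python
import struct

# Bytes added to each frame by the fabric encapsulation (untagged outer Ethernet, IPv4).
OUTER_ETHERNET, OUTER_IPV4, OUTER_UDP, VXLAN_HEADER = 14, 20, 8, 8
FABRIC_OVERHEAD = OUTER_ETHERNET + OUTER_IPV4 + OUTER_UDP + VXLAN_HEADER

G_FLAG = 0x80  # Group Policy ID (SGT) field is valid
I_FLAG = 0x08  # VNID field is valid


def min_underlay_mtu(endpoint_mtu):
    """Smallest underlay MTU that carries a full-size endpoint packet unfragmented."""
    return endpoint_mtu + FABRIC_OVERHEAD


def build_gpo_header(vnid, sgt):
    """Pack the 8-byte VXLAN-GPO header: flags, 16-bit SGT, 24-bit VNID."""
    if not 0 <= vnid < 1 << 24:
        raise ValueError("VNID must fit in 24 bits")
    if not 0 <= sgt < 1 << 16:
        raise ValueError("SGT must fit in 16 bits")
    # The VNID occupies the top 24 bits of the last word; the low byte is reserved.
    return struct.pack("!BBHI", G_FLAG | I_FLAG, 0, sgt, vnid << 8)


def parse_gpo_header(header):
    """Return (vnid, sgt); sgt is None when the G flag is clear (plain VXLAN)."""
    if len(header) < VXLAN_HEADER:
        raise ValueError("truncated VXLAN header")
    flags, _policy_flags, group_id, vni_word = struct.unpack("!BBHI", header[:8])
    if not flags & I_FLAG:
        raise ValueError("VNID not marked valid")
    return vni_word >> 8, (group_id if flags & G_FLAG else None)


def egress_decision(header, dst_vnid, dst_sgt, sgacl, default="deny"):
    """Decide at the egress node using only VNID and SGT, never IP addresses.

    Assumption of this example: traffic for another Virtual Network is always
    dropped, and untagged or unlisted group pairs fall back to `default`.
    """
    vnid, src_sgt = parse_gpo_header(header)
    if vnid != dst_vnid:
        return "deny"
    if src_sgt is None:
        return default
    return sgacl.get((src_sgt, dst_sgt), default)


# Constructed sample policy: (source SGT, destination SGT) -> action.
SAMPLE_SGACL = {(17, 4): "permit", (23, 4): "deny"}

if __name__ == "__main__":
    hdr = build_gpo_header(4098, 17)  # 4098 is the "Default" VRF Instance ID on slide 32
    print(hdr.hex(), parse_gpo_header(hdr))
    print(egress_decision(hdr, 4098, 4, SAMPLE_SGACL))
    print(min_underlay_mtu(1500))
```

Because the decision keys only on VNID and group tags, the same policy table applies wherever the endpoint attaches, which is the sense in which the deck says policy is decoupled from VLAN and IP address.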